I have this neat Firefox extension that does an quick end run around anything like this allowing direct viewing and pulling of the image from cache. Firebug displays the scripting in plain text. Chrome F12 developer tools provides instant access to the Javascript. The methods you cite only work for casual viewers. Site scrapers and content thieves already have your content if they think it's worth stealing.
–
Fiasco LabsMay 5 '12 at 16:50

4 Answers
4

If it has been loaded into the browser, it has been downloaded to your computer's memory. The webpage might attempt to stop you from saving an image (by e.g. disabling right click?) or similar, but if you go into the source of the webpage, you should always be able to find the location of the image or the .js file; if you can load it into the browser, I'm pretty sure you can't block it from being accessed as such and therefore saved. If nothing else, you could scour your computer's temporary files to find the file you're looking for.

I know this isn't really an answer to your question ('How can I stop people doing this'), but I think necessary to point out.

Think about this: if you can't download it, how can the browser display or execute it?

This is really easy to work around - install tamper data for firefox, load a page, watch the resource requests and look at their headers. Then make a direct url request, tamper it and alter the referer to match the previous request. If it works - bam, sorted.

This is a sort of effective trick for hotlink protection, but doesn't prevent you saving the resources offline.

I believe only css images are not downloaded. Are you sure js files aren't being downloaded? maybe they 404'd?

The css code for images is

background:url(/path/image-id.jpg)

What does this have to do with security? It is impossible to prevent a user from keeping it if he can have access to the file (to see in a browser). I only once seen a streaming file i couldn't download. The domain was events.digitallyspeaking.com and i believe what they did was have specialize flash software which required a user login and i suspect made one time use urls generated by a technique in flash. The data was not stored, just streamed. You can possibly do it that way but that requires all the contents to be in flash but yet a user still possibly can make himself a copy

-1: If it is viewed in the browser, it is downloaded -- and therefore can be captured -- locally. CSS is no exception. Streaming flash is no exception.
–
logicalscopeMay 5 '12 at 15:36

"The data was not stored, just streamed." -- nonsense; it's stored in RAM, even if it doesn't actually make it to the HDD.
–
SavaraMay 5 '12 at 15:44

1

I believe only css images are not downloaded. LOL, they're all downloaded...
–
Fiasco LabsMay 5 '12 at 16:54

@logicalscope I was referring to this "can't be saved when I try to save a webpage in Firefox". I also clearly state they can be downloaded "It is impossible to prevent a user from keeping it if he can have access to the file" Are you sure i deserve the downvote :P
–
acidzombie24May 5 '12 at 18:43

1

I suggest editing your answer to make it more clear what you mean.
–
logicalscopeMay 5 '12 at 19:38